Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 30
Configuring Access Rules
This chapter describes how to control network access through the adaptive security appliance using 
access rules, and it includes the following sections:
• Information About Access Rules
• Licensing Requirements for Access Rules
• Guidelines and Limitations
• Default Settings
• Configuring Access Rules
• Feature History for Access Rules
Note: You use access rules to control network access in both routed and transparent firewall modes. In 
transparent mode, you can use both access rules (for Layer 3 traffic) and EtherType rules (for Layer 2 
traffic).
For management access to the adaptive security appliance interface, you do not also need an 
access rule that allows the host IP address; you only need to configure management access according to 
Chapter 32, “Configuring Management Access.”
Information About Access Rules
Your access policy is made up of one or more access rules and/or EtherType rules per interface or 
globally for all interfaces.
You can use access rules in routed and transparent firewall mode to control IP traffic. An access rule 
permits or denies traffic based on the protocol, a source and destination IP address or network, and 
optionally the source and destination ports.
For transparent mode only, an EtherType rule controls network access for non-IP traffic. An EtherType 
rule permits or denies traffic based on the EtherType.
This section includes the following topics:
• General Information About Rules
• Information About Access Rules
• Information About EtherType Rules